This leadership role oversees information security management within the organization. You will be responsible for driving cybersecurity strategy, governance, and operations across complex IT environments.
In this role, you will work closely with senior leadership, technology teams, and external partners to drive enterprise-wide security outcomes:
- Lead the organization's cybersecurity strategy to enable digital transformation while ensuring robust security and resilience
- Develop, implement, and maintain cybersecurity strategies, policies, and roadmaps aligned to business priorities
- Drive enterprise risk management through continuous threat-based risk assessments, treatment planning, monitoring, and reporting
- Review, challenge, and endorse security risk assessments and mitigation plans across projects and initiatives
- Establish governance over the organization's security posture, including visibility of assets, systems, architectures, and operational security practices
- Define and maintain incident response frameworks, playbooks, and escalation procedures, and lead response efforts during major security incidents
- Plan and conduct security exercises, including tabletop simulations, crisis response drills, and post-incident reviews
- Provide expert advisory on security technologies, ensuring alignment with business needs and industry best practices
- Ensure security is embedded by design across systems, applications, and infrastructure, including DevSecOps and secure engineering practices
- Oversee cybersecurity awareness, training, and culture-building programs across the organization
Requirements
- Bachelor's degree in Computer Science, Information Systems, Engineering, or a related technical discipline
- 8–10+ years of experience in information security leadership roles
- Strong understanding of enterprise IT environments, including infrastructure, applications, security policies, and business processes
- Proven experience leading cross-functional teams in security governance and operational security management
- Strong stakeholder management and executive communication skills
- Strong technical understanding of both on-premises infrastructure security and cloud security architectures across major platforms (e.g., AWS, Azure, and GCP), including native security services, identity and access management, and implementation of security controls
Technical expertise should include:
- Secure-by-design principles and security architecture review
- DevSecOps practices, Infrastructure as Code (IaC), and CI/CD pipeline security
- Cloud security across IaaS, PaaS, and SaaS models
- Cloud-native architectures including containers, microservices, and serverless systems
- Hybrid security spanning on-premises and cloud environments
Risk & Security Competencies:
- Identification and assessment of cybersecurity risks across enterprise environments (e.g., misconfigurations, insider threats, vendor risk, malware/ransomware, account compromise, data leakage, compliance exposure)
- Evaluation of security controls and development of practical mitigation strategies
- Ability to translate technical risks into clear business impact and decision-making insights
- Strong understanding of regulatory, compliance, and audit requirements
Certifications (preferred):
- CISSP (strongly preferred)
- CISM, CCSP, GCIH, or equivalent industry certifications